Suppose your team is working on a project in "/home/share" and your team members need to create documents and programs in /home/share so that others in the team can edit and execute these documents as needed. Also only the members belonging to the team are to have access to the /home/share folder. This can be achieved easily in Linux by a combination of SGIDs and permissions.

But what is an SGID ?

An SGID is short form for Set Group ID. It is a sticky bit which is usually applied to directories. When you apply a SGID to a directory, any files that are created in that directory will have the group ownership of the directory itself.

First we create the directory which we want to share with the project team members.

# mkdir /home/share

Now create a group called 'share' using the groupadd script.

# /usr/bin/groupadd share

Change the group ownership of the /home/share folder.

# chown -R root.share /home/share

Set the permissions of the share folder to full permissions for users and group and none for others. Note: If you want users not belonging to the group to view the contents of the share folder, then you have to give necessary permissions for others. ie 775.

# chmod 770 /home/share

Set the Group ID bit for the /home/share folder so that any file or directory created in this folder will have the same group ownership.

# chmod g+s /home/share

$ ls -ld /home/sharedrwxrws--- 2 root share 4096 May 22 06:06 share

Note the sgid bit 's' in the listing of the share folder above. Now only those users belonging to the 'share' group will have access to the /home/share folder and any file or directory created by any of the users in the /home/share folder will be owned by the 'share' group.

Lastly start adding the team members of the project to the 'share' group.

Above I have added 3 users - user1,user2,user3 - to the share group. Now if you want to add another user (say team leader) to the share group and give him special privileges for managing the users in the share group; this is achieved by using the -A switch.

# /usr/bin/gpasswd -A user4 share

Now check the /etc/group file to see the share group and members belonging to the share.

$ cat /etc/group|grep share...share:x:502:user1,user2,user3,user4...

The user will need to issue a reset before they can get access. As 'root' you can test their account.